CVE-2022-49561
netfilter: conntrack: re-fetch conntrack after insertion
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: re-fetch conntrack after insertion
In case the conntrack is clashing, insertion can free skb->_nfct and
set skb->_nfct to the already-confirmed entry.
This wasn't found before because the conntrack entry and the extension
space used to free'd after an rcu grace period, plus the race needs
events enabled to trigger.
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/stable/c/01989d7eebb61c99bd4b88ebc8e261bd2f02caedhttps://git.kernel.org/stable/c/04e4a11dc723c52db7a36dc58f0d69ce6426f8f0https://git.kernel.org/stable/c/04f9e9104c969d8ce10a4a43634f641ed082092dhttps://git.kernel.org/stable/c/56b14ecec97f39118bf85c9ac2438c5a949509edhttps://git.kernel.org/stable/c/91a36ec160ec1a0c8f5352b772dffcbb0b6023e3https://git.kernel.org/stable/c/92a999d1963eed0df666284e20055136ceabd12fhttps://git.kernel.org/stable/c/b16bb373988da3ceb0308381634117e18b6ec60dhttps://git.kernel.org/stable/c/e97222b785e70e8973281666d709baad6523d8af